Secure DNS Deployment Guide

Published: October 7, 2009

Updated: October 7, 2009

Applies To: Windows Server 2008 R2

The Domain Name System (DNS) protocol is particularly vulnerable to attack due to an inherent lack of authentication and integrity checking of data that is exchanged between DNS servers or provided to DNS clients. Successful attacks can be especially disruptive because of the critical role that DNS plays in most networks. Therefore, it is important to evaluate the security of your DNS infrastructure and consider the advantages of deploying security features that are provided for the DNS Server role in Windows Server. This documentation provides guidance for using these security features.

This guide is intended for use by system administrators and system engineers. It provides detailed guidance for configuring and deploying a secure Microsoft DNS infrastructure using Windows Server® 2008 R2. If your organization has deployed a Microsoft DNS infrastructure using an earlier version of Windows Server, you can still use this guide to review the secure DNS settings and infrastructure guidelines that are provided. Some enhancements to Microsoft DNS security, such as DNS Security Extensions (DNSSEC), are only available with Windows Server 2008 R2.